Azure / secrets-store-csi-driver-provider-azure

Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
https://azure.github.io/secrets-store-csi-driver-provider-azure/
MIT License

[Feature request] Reject input with invisible/zero-width character #1544

Open JoeyC-Dev opened 5 months ago

JoeyC-Dev commented 5 months ago

Describe the solution you'd like

For example, there is a YAML file as below, and it should be rejected:

apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kvname-wi 
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    clientID: 00000000-0000-0000-0000-000000000000​
    keyvaultName: ${KEYVAULT_NAME}
    cloudName: ""
    objects:  |
      array:
        - |
          objectName: secret1 
          objectType: secret 
          objectVersion: ""      
    tenantId: "${IDENTITY_TENANT}" 


When a root cause like this is behind an incident, it is a disaster to find it out. (The reason I submitted this feature request is that it happened recently. We just had no way out at the time until we found the "space-like" thing when we manually opened the YAML with VSC. The issue lasted for 3 days.)

Anything else you would like to add: N/A

Environment:
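
A check of the kind this request describes, as an added example that is not part of the issue or of the provider's code: it scans manifest text for zero-width, non-ASCII space and control characters and reports where each one sits. The names `Finding`, `FindInvisible`, `Validate` and the sample manifest are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// Finding locates one suspicious rune (1-based line and column, counted in runes).
type Finding struct{ Line, Col int; Rune rune }

// suspicious reports runes that render as nothing or as a look-alike space:
// Cf (U+200B, U+200D, U+FEFF, ...), Zs/Zl/Zp (U+00A0, U+2028, ...) and controls.
func suspicious(r rune) bool {
	if r == ' ' || r == '\t' || r == '\n' || r == '\r' {
		return false
	}
	return unicode.IsControl(r) || unicode.In(r, unicode.Cf, unicode.Zs, unicode.Zl, unicode.Zp)
}

// FindInvisible returns every suspicious rune in doc with its position.
func FindInvisible(doc string) []Finding {
	var out []Finding
	for i, line := range strings.Split(doc, "\n") {
		for col, r := range []rune(line) {
			if suspicious(r) {
				out = append(out, Finding{i + 1, col + 1, r})
			}
		}
	}
	return out
}

// Validate rejects input containing any suspicious rune and names the first one.
func Validate(doc string) error {
	fs := FindInvisible(doc)
	if len(fs) == 0 {
		return nil
	}
	return fmt.Errorf("%d invisible character(s), first is %U at line %d col %d", len(fs), fs[0].Rune, fs[0].Line, fs[0].Col)
}

// Constructed sample: the zero-width space is written as \u200b so it is visible here.
const sample = "spec:\n  parameters:\n    clientID: 00000000-0000-0000-0000-000000000000\u200b\n    keyvaultName: kv\n"

func main() {
	fmt.Println(Validate(sample))
}
```

Run over the raw manifest text before YAML parsing, so the reported line and column match what an editor shows.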